Security Server Installation Guide - Netop...Security Server Installation Guide 29.03.2017 5 5....
Transcript of Security Server Installation Guide - Netop...Security Server Installation Guide 29.03.2017 5 5....
SECURITY SERVER INSTALLATION GUIDE
29 March 2017
Security Server Installation Guide
29.03.2017 1
Contents
1. Introduction .................................................................................................................................. 2
1.1 Assumptions ......................................................................................................................... 2
1.2 Prerequisites ........................................................................................................................ 2
2. Required setups prior the Security Server Installation .................................................................. 3
1.1 Create domain admin account user ...................................................................................... 3
1.2 SQL setup ............................................................................................................................ 5
1.2.1 Add the domain account user to the SQL DB .......................................................... 5
1.2.2 Create the NSS DB ................................................................................................. 6
3. Install the Security Server ............................................................................................................. 7
4. Configure the Security Server ..................................................................................................... 12
5. Launch the Security Server module and run the setup wizard .................................................... 20
6. Configure the Host to use Security Server .................................................................................. 27
7. Configure the Security Role Assignment .................................................................................... 33
Security Server Installation Guide
29.03.2017 2
1. Introduction
The Netop Remote Control Security is a centralized authentication server for Netop Remote Control
Hosts. It can also act as a centralized log server for Netop activity from both the Netop Host and Netop
Guest.
The Security Server consists of two components.. One is simply called the Security Server module and
it is the engine that runs, listens and processes authentication requests from the Host. The second
component is called the Security Manager which is simply a GUI to edit the security roles and role
assignments in the database. The Security Manager will also allow you to view the Netop activity log.
This document walks you thought the installation of Netop Security Server and integration with an SQL
database and the Active Directory, ensuring functionality with Netop components.
This guide does not explain all options within the Security Server. For detailed information on the Netop
Security Server complex functionality, see the Netop Remote Control Administrator’s Guide.
1.1 Assumptions
This guide assumes that you have installed a Netop Guest and a Netop Host on different computers
and you can make a remote control connection between the two.
1.2 Prerequisites
Before you begin you will also need to obtain the Netop Remote Control Security Server MSI and a
valid serial number.
Security Server Installation Guide
29.03.2017 3
2. Required setups prior the Security Server Installation
1.1 Create domain admin account user
On the Active Directory server create a domain account:
1. Go to Start>Programs>Administrative Tools, and click Active Directory Users and
Computers.
2. In the Active Directory Users and Computers window, expand <domain name>.
3. Right-click Users, point to New, and select User.
4. In the New Object - User dialog box, do the following:
• In the First name and Last name fields, type a first and last name for the account.
• In the User logon name field, type the username that will be used to log on to the Active
Directory domain.
5. Click Next.
6. In the Password field, type a password for the account, and then in the Confirm password
field, type the password again.
7. Select User cannot change password and Password never expires:
Security Server Installation Guide
29.03.2017 4
8. Click Next, then click Finish. The domain account users will be added to the domain.
Note: To install Security Manager, you must be an administrator or a user with local administrator rights to the server and with access rights to the Windows Server console.
Give the domain account administrative privileges:
1. Right-click the created user account and select Add to a group.
2. In the Select Groups dialog box, search for the group name by entering the name in the Enter the
object name to select field and clicking Check Name.
3. Click OK.
4. If multiple group names are found, select Domain Admins.
Security Server Installation Guide
29.03.2017 5
5. Click OK. The selected group will be displayed in the Select Groups dialog box:
6. Click OK. The selected domain account was granted administrative privileges.
1.2 SQL setup
1.2.1 Add the domain account user to the SQL DB
1. In SQL Server Management Studio, open Object Explorer and expand the Security folder.
2. Right-click the Logins folder and click New Login....
3. Search for the domain account user and make sure to select Windows authentication.
Security Server Installation Guide
29.03.2017 6
4. Click OK.
1.2.2 Create the NSS DB
In the Object Explorer, right-click the Databases folder and click New Database... In the New Database
window, type a name for the Netop Security Server database and make the domain account user the
DB owner.
Click OK.
Security Server Installation Guide
29.03.2017 7
3. Install the Security Server
Prerequisite: On the machine where you will install the Netop Security Server, add the domain admin
user to the Windows Local Administrator list.
1. Log into the Windows Server console using the account with local administrator rights (the one mapped with teh NSS DB on the SQL server).
2. Go to the folder you have saved the Netop Remote Control Security Server MSI and double-click it. The Netop Security Server – Setup will be displayed.
Security Server Installation Guide
29.03.2017 8
3. Click Next.
4. Accept the Netop End-User License Agreement.
5. Click Next.
6. Enter the username, organization and the Netop Security Server Serial Number (sometimes referred to as the License Key).
Security Server Installation Guide
29.03.2017 9
7. Click Next.
8. Select the Typical setup type.
Some Netop features might require a restart of the Netop service or the computer.
Security Server Installation Guide
29.03.2017 10
9. Make sure that the Restart service if needed option is checked.
10. Click Next.
11. Make sure that the Allow Netop Security Server to accept incoming network connections option is checked.
12. Click Next.
Security Server Installation Guide
29.03.2017 11
13. Optionally, you can choose to Save Installation files for future use (Change or Repair).
14. Click Install.
IMPORTANT: Uncheck the Launch the Netop Security Server Product checkbox.
15. Click Finish.
Security Server Installation Guide
29.03.2017 12
4. Configure the Security Server
1. From the Windows desktop go to the Start > All Programs > Netop Remote Control and run as administrator the Security Manager. The Netop Security Manager Setup Wizard will be displayed.
2. In the Logon to Database dialog box, make sure that the Create local test database option is not selected and click Change.
The Select Data Source dialog box will be displayed.
3. Select the Machine Data Source tab.
4. Click New.
Security Server Installation Guide
29.03.2017 13
5. In the Create New Data Source dialog box, select System Data Source (Apply to this
machien only).
6. Click Next.
7. Select SQL Server as driver for which you weant to set up a data source.
8. Click Next, then click Finish. The Create a New Data Source to SQL Server wizard will be
dispalyed.
9. Type a name for the data source and from the Server drop-down list select the MS SQL server
you will connect to:
Security Server Installation Guide
29.03.2017 14
10. Click Next. Make sure that the following options are selected:
• With Windows NT authentication using the network login ID
• Connect to SQL Server to obtain default settings for the additional configuration options.
Security Server Installation Guide
29.03.2017 15
11. Click Next.
12. Select Change the default database to <the Netop Security Server DB, as defined in the SQL Server>:
13. Click Next, then click Finish. The ODBC Microsoft SQL Server Setup dialog box will be
displayed:
14. Test the data source. If successful, click OK.
Security Server Installation Guide
29.03.2017 16
15. Click OK three times to reach the Logon to Database dialog box.
16. Enter the password and click Logon.
Security Server Installation Guide
29.03.2017 17
17. In the Netop Security Server – Security Server Public Key dialog box, click to Generate New Public Key.
18. Click Generate New Public Key.
19. Select the public key generated then click Copy to clipboard.
20. Click Next twice. 21. In the Group Name (Private) field enter your domain and re-enter it in the Confirm Group
Name field.
22. Click Next. The Security Server list will be displayed. The name of your Security Server will appear in the server field.
Security Server Installation Guide
29.03.2017 18
23. Click Add to add your Security Server to the database, then click Next.
24. Select Guests enter Directory Services username and password.
25. Click Next and select Always the Workstation.
Security Server Installation Guide
29.03.2017 19
26. Click Next, then close Netop Security Manager.
Open a txt file and paste the Security Server Public Key you have previously saved to clipboard.
Security Server Installation Guide
29.03.2017 20
5. Launch the Security Server module and run the setup wizard
1. From the Windows desktop go to the Start menu and select All Programs > Netop Remote
Control > Security Server.
It is required that you select to Run Host as specific user by checking the Enable box.
2. Enter Windows credentials that have been added to the Local Administrators Group on this server.
3. Click OK. The Netop Security Server Setup Wizard will be displayed.
4. Click Next.
Security Server Installation Guide
29.03.2017 21
5. Make sure that the Default option is selected.
6. Click Next.
7. Make sure that the option to Start with Windows is selected.
8. Click Next.
9. Enter a secure password that can be used later to remote control the Security Server from your Netop Guest. Make sure to confirm the password.
Security Server Installation Guide
29.03.2017 22
10. Click Next.
11. Make sure that you choose not to configure WebConnect by selecting No.
12. Click Next.
13. Select the No, I do not want to register my Netop License now option.
Security Server Installation Guide
29.03.2017 23
14. Click Next.
15. Click Finish.
16. The Netop Security Server is now running. The Netop Security icon appears in the system tray.
Security Server Installation Guide
29.03.2017 24
17. Right click on the icon and select Restore.
18. Go to the Tools menu and select Security Server Setup. The database setup will be displayed.
Security Server Installation Guide
29.03.2017 25
19. In the upper-right corner of the page, click the ellipsis button. The Select Data Source page will be displayed from where you will select the desired database.
20. Click the Machine Data Source tab, select the NetOp_Security_Evaluation data source name and click OK.
21. No need to enter credentials; just click OK.
Security Server Installation Guide
29.03.2017 26
22. Click the Logon button.
23. Wait until you see the Information Status: “Security Server running.”
24. Click OK.
25. Restart the Netop Security Server.
Security Server Installation Guide
29.03.2017 27
6. Configure the Host to use Security Server
1. Open GUI of the Host you want to use with Security Server.
2. Make a note of the Host ID as it is displayed in the General tab. You might want to use this ID later when making role assignments in the Security Manager.
3. On the main menu click Tools and select the Communication Profiles option. The Communication Profile Setup will be displayed.
Security Server Installation Guide
29.03.2017 28
4. Make sure that the TCP/IP communication profile is selected. Click on it then click the Edit button.
5. Click the IP Broadcast list… button.
6. Click the Add button.
Security Server Installation Guide
29.03.2017 29
7. Enter your Security Server’s DNS name or IP address and click OK.
8. Optionally, you might unselect to Disable local subnet broadcast.
9. Click OK twice then click Close. You will be prompted to restart the Host.
10. Click OK.
11. On the main menu, click Actions and select Restart.
12. Once the Host’s status returns to running on the main menu click Tools and select the Log Setup option.
Security Server Installation Guide
29.03.2017 30
13. Select the Log on Netop Server option.
14. Click the Netop Server tab.
15. Click the Select All button to enable logging of all Netop events.
16. Click the Browse… button.You will be prompted to wait until the Log Servers list will be displayed. Your Netop Security Server will be shown in the list.
Security Server Installation Guide
29.03.2017 31
17. Select the server name from the list and click the Select button.
18. Click OK. The Netop Host is checking if the log server is available.
19. On the main menu click Tools and select the Guest Access Security option.
Security Server Installation Guide
29.03.2017 32
20. From the Guest Access Method drop-down list select the Use Netop Security Server option.
21. Copy and paste the Public Key from the Public Key text file that you made while setting up the Netop Security Manager.
22. Click OK.
Security Server Installation Guide
29.03.2017 33
7. Configure the Security Role Assignment
1. Return to the Netop Security Server computer and open the Netop Security Manager.
2. On the left tree collapse Netop Definitions and select Guest IDs.
Security Server Installation Guide
29.03.2017 34
3. Right-click on the right side of the window and select New.
4. In the first field type a new Guest ID.
Security Server Installation Guide
29.03.2017 35
5. In the Password area, enter a password and confirm it and make sure to deselect the Change at next logon option.
6. Click OK.
7. On the left tree, collapse Security Settings and select Role Assignments.
Security Server Installation Guide
29.03.2017 36
8. Right-click on the right side of the window and select New.
9. In the Select Guest Type dialog box select Guest ID and click Next.
Security Server Installation Guide
29.03.2017 37
10. The Guest ID you created earlier is selected by default. Click Next.
11. Select the Host ID Group option and click Next.
Security Server Installation Guide
29.03.2017 38
12. The UNREGISTERED HOSTS group is selected by default. Click Next.
13. The Full Control security role is selected by default. Click Finish.
You have now completed your first role assignment for testing.
If you have configured everything correctly will now be able to connect from your Netop Guest to the
Netop Host using Security Server authentication and Security Server logging.